Advocacy group Fair Vote UK is assembling a class action lawsuit against Facebook over its mishandling of people’s information.

Fair Vote has 84 claimants so far, but 1.1 million British citizens were affected by the breach overall.

The news comes after the UK’s privacy watchdog said it planned to fine Facebook £500,000 ($AU893,600) for breaking data protection laws.

Data protection lawyer Sean Humber says that Facebook could potentially face a bill running into the hundreds of millions of pounds, or even higher depending on how seriously the data was misused.

Advocacy group Fair Vote is assembling a class action suit against Facebook over the Cambridge Analytica data scandal.

Fair Vote has 84 claimants so far, but 1.1 million British citizens were affected by the scandal and would potentially be eligible for compensation, according to the group.

Fair Vote runs on public donations and its self-stated aim is to to tackle the issues of data misuse, voter manipulation and lack of transparency in elections.

It began its class action in April, after news first broke that millions of people’s Facebook information had been handed to political consultancy Cambridge Analytica, and potentially used to influence their votes.

For a company as large as Facebook, £500,000 ($AU893,600) is just a slap on the wrist.

But, as the Fair Vote action shows, the penalty may just be the tip of the iceberg.

Fair Vote’s director, Kyle Taylor, told Business Insider that he was worried that Facebook wouldn’t face a sufficiently large penalty. Since new European data protection laws, known as the GDPR, came into force in May, companies face much bigger penalties for mishandling data. The £500,000 ($AU893,600) fine from the ICO was the maximum penalty prior to GDPR.

“My initial thinking was because the breach happened before GDPR there was no way that there would be a significant enough punishment for Facebook,” Taylor said.

“For large companies like this it’s really important I think that the punishment fits the crime. And the best way that I think that you can do that with a private company is for individuals who have been negatively affected by that company to work together to make sure that they understand that they can’t abuse their users.”

British law firm Leigh Day is also planning a class action suit

Data protection lawyer Sean Humber from British law firm Leigh Day said users whose data was harvested have good claims for compensation against Facebook.

“The ICO’s intention to fine Facebook the absolute maximum amount possible confirms the seriousness of their failings,” he said. “Users had a right to expect Facebook to operate in a transparent way and keep their information safe.

“This clearly did not happen and those affected are now entitled to know exactly what happened to their information as well as compensation for this misuse. Facebook could easily be facing a bill running into the hundreds of millions of pounds.”

Humber added that hundreds of millions of pounds might actually be a conservative figure. “The level of compensation is likely to be dependent on quite what then happened to that information,” he said.

He says that if the data was used for political purposes, for example during the Brexit referendum, that would constitute a particularly serious breach, and could mean individual claims could possibly run into the thousands of pounds. With 1.1 million UK citizens affected by the breach, this goes well beyond hundreds of millions.

Humber said that further investigation is needed to ascertain just what happened to the scraped data and where it is now. He said it is “extremely likely” that Leigh Day will be launching its own class action on behalf of those affected in due course.